Merge pull request #455 from tox-rs/asymmetric

Pure rust asymmetric crypto

Author: kurnevsky

examples/Cargo.toml

@@ -5,7 +5,7 @@ publish = false
 edition = "2018"
 
 [dev-dependencies]
-tox_binary_io = { version = "0.1.1", path = "../tox_binary_io", features = ["sodium"] }
+tox_binary_io = { version = "0.1.1", path = "../tox_binary_io", features = ["crypto"] }
 tox_crypto = { version = "0.1.1", path = "../tox_crypto" }
 tox_packet = { version = "0.1.1", path = "../tox_packet" }
 tox_core = { version = "0.1.1", path = "../tox_core" }

examples/dht_server.rs

@@ -8,6 +8,7 @@ extern crate log;
 use futures::future::FutureExt;
 use futures::channel::mpsc;
 use failure::Error;
+use rand::thread_rng;
 
 use std::net::SocketAddr;
 
@@ -23,21 +24,19 @@ mod common;
 
 fn as_packed_node(pk: &str, saddr: &str) -> PackedNode {
     let pk_bytes: [u8; 32] = hex::FromHex::from_hex(pk).unwrap();
-    let pk = PublicKey::from_slice(&pk_bytes).unwrap();
+    let pk = PublicKey::from(pk_bytes);
     let saddr: SocketAddr = saddr.parse().unwrap();
 
-    PackedNode::new(saddr, &pk)
+    PackedNode::new(saddr, pk)
 }
 
 #[tokio::main]
 async fn main() -> Result<(), Error> {
     env_logger::init();
 
-    if crypto_init().is_err() {
-        panic!("Crypto initialization failed.");
-    }
-
-    let (server_pk, server_sk) = gen_keypair();
+    let mut rng = thread_rng();
+    let server_sk = SecretKey::generate(&mut rng);
+    let server_pk = server_sk.public_key();
 
     // Create a channel for server to communicate with network
     let (tx, rx) = mpsc::channel(32);
@@ -48,7 +47,7 @@ async fn main() -> Result<(), Error> {
     let stats = Stats::new();
 
     let mut lan_discovery_sender =
-        LanDiscoverySender::new(tx.clone(), server_pk, local_addr.is_ipv6());
+        LanDiscoverySender::new(tx.clone(), server_pk.clone(), local_addr.is_ipv6());
 
     let mut dht_server = DhtServer::new(tx, server_pk, server_sk);
     dht_server.set_bootstrap_info(3_000_000_000, Box::new(|_| b"This is tox-rs".to_vec()));

examples/echo.rs

@@ -52,11 +52,13 @@ async fn main() -> Result<(), Error> {
 
     let mut rng = thread_rng();
 
-    let (dht_pk, dht_sk) = gen_keypair();
+    let dht_sk = SecretKey::generate(&mut rng);
+    let dht_pk = dht_sk.public_key();
 
     // create random tox id and print it
-    let (real_pk, real_sk) = gen_keypair();
-    let id = ToxId::new(&mut rng, real_pk);
+    let real_sk = SecretKey::generate(&mut rng);
+    let real_pk = real_sk.public_key();
+    let id = ToxId::new(&mut rng, real_pk.clone());
     println!("your tox id is: {:X}",id);
 
     // Create a channel for server to communicate with network
@@ -70,16 +72,16 @@ async fn main() -> Result<(), Error> {
     let socket = common::bind_socket(local_addr).await;
     let stats = Stats::new();
 
-    let mut lan_discovery_sender = LanDiscoverySender::new(tx.clone(), dht_pk, local_addr.is_ipv6());
+    let mut lan_discovery_sender = LanDiscoverySender::new(tx.clone(), dht_pk.clone(), local_addr.is_ipv6());
 
     let (tcp_incoming_tx, mut tcp_incoming_rx) = mpsc::unbounded();
 
-    let mut dht_server = DhtServer::new(tx.clone(), dht_pk, dht_sk.clone());
+    let mut dht_server = DhtServer::new(tx.clone(), dht_pk.clone(), dht_sk.clone());
     dht_server.enable_lan_discovery(true);
     dht_server.enable_ipv6_mode(local_addr.is_ipv6());
 
-    let tcp_connections = Connections::new(dht_pk, dht_sk.clone(), tcp_incoming_tx);
-    let onion_client = OnionClient::new(dht_server.clone(), tcp_connections.clone(), real_sk.clone(), real_pk);
+    let tcp_connections = Connections::new(dht_pk.clone(), dht_sk.clone(), tcp_incoming_tx);
+    let onion_client = OnionClient::new(dht_server.clone(), tcp_connections.clone(), real_sk.clone(), real_pk.clone());
 
     let (lossless_tx, mut lossless_rx) = mpsc::unbounded();
     let (lossy_tx, mut lossy_rx) = mpsc::unbounded();
@@ -93,7 +95,7 @@ async fn main() -> Result<(), Error> {
         lossy_tx,
         dht_pk,
         dht_sk,
-        real_pk,
+        real_pk: real_pk.clone(),
         real_sk: real_sk.clone(),
         precomputed_keys: dht_server.get_precomputed_keys(),
     });
@@ -115,11 +117,11 @@ async fn main() -> Result<(), Error> {
         // get PK bytes of the bootstrap node
         let bootstrap_pk_bytes: [u8; 32] = FromHex::from_hex(pk).unwrap();
         // create PK from bytes
-        let bootstrap_pk = PublicKey::from_slice(&bootstrap_pk_bytes).unwrap();
+        let bootstrap_pk = PublicKey::from(bootstrap_pk_bytes);
 
-        let node = PackedNode::new(saddr.parse().unwrap(), &bootstrap_pk);
+        let node = PackedNode::new(saddr.parse().unwrap(), bootstrap_pk);
 
-        dht_server.add_initial_bootstrap(node);
+        dht_server.add_initial_bootstrap(node.clone());
         onion_client.add_path_node(node).await;
     }
 
@@ -176,8 +178,8 @@ async fn main() -> Result<(), Error> {
                     }
                 },
                 0x18 => { // PACKET_ID_ONLINE
-                    net_crypto_c.send_lossless(pk, vec![0x18]).map_err(Error::from).await?;
-                    net_crypto_c.send_lossless(pk, vec![0x32, 0x00]).map_err(Error::from).await?; // PACKET_ID_USERSTATUS
+                    net_crypto_c.send_lossless(pk.clone(), vec![0x18]).map_err(Error::from).await?;
+                    net_crypto_c.send_lossless(pk.clone(), vec![0x32, 0x00]).map_err(Error::from).await?; // PACKET_ID_USERSTATUS
                     net_crypto_c.send_lossless(pk, b"\x30tox-rs".to_vec()).map_err(Error::from).await?;
                 },
                 0x40 => { // PACKET_ID_CHAT_MESSAGE
@@ -210,7 +212,7 @@ async fn main() -> Result<(), Error> {
         // get PK bytes of the relay
         let relay_pk_bytes: [u8; 32] = FromHex::from_hex(pk).unwrap();
         // create PK from bytes
-        let relay_pk = PublicKey::from_slice(&relay_pk_bytes).unwrap();
+        let relay_pk = PublicKey::from(relay_pk_bytes);
 
         tcp_connections.add_relay_global(saddr.parse().unwrap(), relay_pk).await.map_err(Error::from)?;
     }

examples/onion_client.rs

@@ -8,6 +8,7 @@ use futures::future::FutureExt;
 use futures::stream::StreamExt;
 use futures::sink::SinkExt;
 use futures::channel::mpsc;
+use rand::thread_rng;
 use tokio_util::udp::UdpFramed;
 
 use tox_crypto::*;
@@ -27,17 +28,17 @@ const FRIEND_PK: &str = "3E6A06DA48D1AB98549AD76890770B704AE9116D8654FBCD35C9BF2
 
 fn as_packed_node(pk: &str, saddr: &str) -> PackedNode {
     let pk_bytes: [u8; 32] = hex::FromHex::from_hex(pk).unwrap();
-    let pk = PublicKey::from_slice(&pk_bytes).unwrap();
+    let pk = PublicKey::from(pk_bytes);
     let saddr: SocketAddr = saddr.parse().unwrap();
 
-    PackedNode::new(saddr, &pk)
+    PackedNode::new(saddr, pk)
 }
 
 fn load_keypair() -> (PublicKey, SecretKey) {
     use hex::FromHex;
 
     let real_sk_bytes: [u8; 32] = FromHex::from_hex(SELF_SK).unwrap();
-    let real_sk = SecretKey::from_slice(&real_sk_bytes).unwrap();
+    let real_sk = SecretKey::from(real_sk_bytes);
     let real_pk = real_sk.public_key();
 
     (real_pk, real_sk)
@@ -47,7 +48,9 @@ fn load_keypair() -> (PublicKey, SecretKey) {
 async fn main() -> Result<(), Error> {
     env_logger::init();
 
-    let (dht_pk, dht_sk) = gen_keypair();
+    let mut rng = thread_rng();
+    let dht_sk = SecretKey::generate(&mut rng);
+    let dht_pk = dht_sk.public_key();
     let (real_pk, real_sk) = load_keypair();
 
     // Create a channel for server to communicate with network
@@ -61,7 +64,7 @@ async fn main() -> Result<(), Error> {
     let (dht_pk_tx, dht_pk_rx) = mpsc::unbounded();
     let (tcp_incoming_tx, _tcp_incoming_rx) = mpsc::unbounded();
 
-    let dht_server = Server::new(tx, dht_pk, dht_sk.clone());
+    let dht_server = Server::new(tx, dht_pk.clone(), dht_sk.clone());
     let tcp_connections = Connections::new(dht_pk, dht_sk, tcp_incoming_tx);
     let onion_client = OnionClient::new(dht_server, tcp_connections, real_sk, real_pk);
 
@@ -74,7 +77,7 @@ async fn main() -> Result<(), Error> {
     }
 
     let friend_pk_bytes: [u8; 32] = hex::FromHex::from_hex(FRIEND_PK).unwrap();
-    let friend_pk = PublicKey::from_slice(&friend_pk_bytes).unwrap();
+    let friend_pk = PublicKey::from(friend_pk_bytes);
 
     onion_client.add_friend(friend_pk).await;
 

examples/tcp_client.rs

@@ -24,39 +24,38 @@ use tokio::net::TcpStream;
 //  Since we pass a copy of tx as arg (to send PongResponses), the client will live untill IO error
 //  Comment out pong responser and client will be destroyed when there will be no messages to send
 async fn create_client(mut rx: mpsc::Receiver<Packet>, tx: mpsc::Sender<Packet>) -> Result<(), Error> {
-    // Use `gen_keypair` to generate random keys
     // Client constant keypair for examples/tests
-    let client_pk = PublicKey([252, 72, 40, 127, 213, 13, 0, 95,
-                              13, 230, 176, 49, 69, 252, 220, 132,
-                              48, 73, 227, 58, 218, 154, 215, 245,
-                              23, 189, 223, 216, 153, 237, 130, 88]);
-    let client_sk = SecretKey([157, 128, 29, 197, 1, 72, 47, 56,
-                              65, 81, 191, 67, 220, 225, 108, 193,
-                              46, 163, 145, 242, 139, 125, 159,
-                              137, 174, 14, 225, 7, 138, 120, 185, 153]);
+    let client_pk = PublicKey::from([252, 72, 40, 127, 213, 13, 0, 95,
+                                    13, 230, 176, 49, 69, 252, 220, 132,
+                                    48, 73, 227, 58, 218, 154, 215, 245,
+                                    23, 189, 223, 216, 153, 237, 130, 88]);
+    let client_sk = SecretKey::from([157, 128, 29, 197, 1, 72, 47, 56,
+                                     65, 81, 191, 67, 220, 225, 108, 193,
+                                     46, 163, 145, 242, 139, 125, 159,
+                                     137, 174, 14, 225, 7, 138, 120, 185, 153]);
 
     let (addr, server_pk) = match 1 {
         1 => {
             // local tcp relay server from example
             let addr: std::net::SocketAddr = "0.0.0.0:12345".parse().unwrap();
             // Server constant PK for examples/tests
-            let server_pk = PublicKey([177, 185, 54, 250, 10, 168, 174,
-                                    148, 0, 93, 99, 13, 131, 131, 239,
-                                    193, 129, 141, 80, 158, 50, 133, 100,
-                                    182, 179, 183, 234, 116, 142, 102, 53, 38]);
+            let server_pk = PublicKey::from([177, 185, 54, 250, 10, 168, 174,
+                                             148, 0, 93, 99, 13, 131, 131, 239,
+                                             193, 129, 141, 80, 158, 50, 133, 100,
+                                             182, 179, 183, 234, 116, 142, 102, 53, 38]);
             (addr, server_pk)
         },
         2 => {
             // remote tcp relay server
             let server_pk_bytes: [u8; 32] = FromHex::from_hex("461FA3776EF0FA655F1A05477DF1B3B614F7D6B124F7DB1DD4FE3C08B03B640F").unwrap();
-            let server_pk = PublicKey::from_slice(&server_pk_bytes).unwrap();
+            let server_pk = PublicKey::from(server_pk_bytes);
             let addr = "130.133.110.14:33445".parse().unwrap();
             (addr, server_pk)
         },
         3 => {
             // local C DHT node, TODO remove this case
             let server_pk_bytes: [u8; 32] = FromHex::from_hex("C4B8D288C391704E3C8840A8A7C19B21D0B76CAF3B55341D37C5A9732887F879").unwrap();
-            let server_pk = PublicKey::from_slice(&server_pk_bytes).unwrap();
+            let server_pk = PublicKey::from(server_pk_bytes);
             let addr = "0.0.0.0:33445".parse().unwrap();
             (addr, server_pk)
         }
@@ -120,10 +119,10 @@ async fn main() -> Result<(), Error> {
             i += 1;
             if i == 1 {
                 // Client friend constant PK for examples/tests
-                let friend_pk = PublicKey([15, 107, 126, 130, 81, 55, 154, 157,
-                                        192, 117, 0, 225, 119, 43, 48, 117,
-                                        84, 109, 112, 57, 243, 216, 4, 171,
-                                        185, 111, 33, 146, 221, 31, 77, 118]);
+                let friend_pk = PublicKey::from([15, 107, 126, 130, 81, 55, 154, 157,
+                                                 192, 117, 0, 225, 119, 43, 48, 117,
+                                                 84, 109, 112, 57, 243, 216, 4, 171,
+                                                 185, 111, 33, 146, 221, 31, 77, 118]);
                 tx.send(Packet::RouteRequest(RouteRequest { pk: friend_pk } )).await?;
             } else {
                 tx.send(Packet::Data(Data {

examples/tcp_server.rs

@@ -14,14 +14,13 @@ const TCP_CONNECTIONS_LIMIT: usize = 1024;
 async fn main() -> Result<(), Error> {
     env_logger::init();
     // Server constant PK for examples/tests
-    // Use `gen_keypair` to generate random keys
-    let server_pk = PublicKey([
+    let server_pk = PublicKey::from([
         177, 185, 54, 250, 10, 168, 174,
         148, 0, 93, 99, 13, 131, 131, 239,
         193, 129, 141, 80, 158, 50, 133, 100,
         182, 179, 183, 234, 116, 142, 102, 53, 38
     ]);
-    let server_sk = SecretKey([
+    let server_sk = SecretKey::from([
         74, 163, 57, 111, 32, 145, 19, 40,
         44, 145, 233, 210, 173, 67, 88, 217,
         140, 147, 14, 176, 106, 255, 54, 249,

tox_binary_io/Cargo.toml

@@ -17,8 +17,8 @@ edition = "2018"
 [dependencies]
 nom = "5.1"
 cookie-factory = "0.3"
-sodiumoxide = { version = "0.2.5", optional = true }
+crypto_box = { version = "0.6", optional = true }
 
 [features]
 default = []
-sodium = ["sodiumoxide"]
+crypto = ["crypto_box"]

tox_binary_io/src/crypto.rs

@@ -0,0 +1,52 @@
+use std::convert::TryInto;
+
+use nom::{map, map_opt, named, take};
+
+use crypto_box::{PublicKey, SecretKey, KEY_SIZE};
+
+use super::FromBytes;
+
+
+impl FromBytes for PublicKey {
+    // TODO: use map_from with new nom version
+    named!(from_bytes<PublicKey>, map!(map_opt!(take!(KEY_SIZE), |pk: &[u8]| pk.try_into().ok()), |pk: [u8; KEY_SIZE]| pk.into()));
+}
+
+/* TODO
+Use the following implementation when https://github.com/TokTok/c-toxcore/issues/1169 is fixed.
+And when most of tox network will send valid PK for fake friends.
+
+impl FromBytes for PublicKey {
+    named!(from_bytes<PublicKey>, verify!(
+        // TODO: use map_from with new nom version
+        map!(map_opt!(take!(KEY_SIZE), |pk: &[u8]| pk.try_into().ok()), |pk: [u8; KEY_SIZE]| pk.into()),
+        |pk| public_key_valid(&pk)
+    ));
+}
+*/
+
+impl FromBytes for SecretKey {
+    // TODO: use map_from with new nom version
+    named!(from_bytes<SecretKey>, map!(map_opt!(take!(KEY_SIZE), |sk: &[u8]| sk.try_into().ok()), |sk: [u8; KEY_SIZE]| sk.into()));
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn public_key_parse_bytes_test() {
+        let bytes = [42; KEY_SIZE];
+        let (_rest, pk) = PublicKey::from_bytes(&bytes).unwrap();
+
+        assert_eq!(pk.as_bytes(), &bytes as &[u8]);
+    }
+
+    #[test]
+    fn secret_key_parse_bytes_test() {
+        let bytes = [42; KEY_SIZE];
+        let (_rest, sk) = SecretKey::from_bytes(&bytes).unwrap();
+
+        assert_eq!(&sk.to_bytes()[..], &bytes as &[u8]);
+    }
+}

tox_binary_io/src/lib.rs

@@ -11,10 +11,10 @@ use std::{convert::TryInto, net::{
     Ipv6Addr,
 }};
 
-#[cfg(feature = "sodiumoxide")]
-pub use sodium::*;
-#[cfg(feature = "sodiumoxide")]
-mod sodium;
+#[cfg(feature = "crypto")]
+pub use crypto::*;
+#[cfg(feature = "crypto")]
+mod crypto;
 
 /// The trait provides method to deserialize struct from raw bytes
 pub trait FromBytes: Sized {
@@ -108,11 +108,9 @@ equals original value. Type of this value should implement `ToBytes`,
 */
 #[macro_export]
 macro_rules! encode_decode_test (
-    ($init:expr, $test:ident, $value:expr) => (
+    ($test:ident, $value:expr) => (
         #[test]
         fn $test() {
-            $init;
-
             let value = $value;
             let mut buf = [0; 1024 * 1024];
             let (_, size) = value.to_bytes((&mut buf, 0)).unwrap();
@@ -140,13 +138,13 @@ macro_rules! unpack {
     ($variable:expr, $variant:path [ $($inner:ident),* ]) => (
         match $variable {
             $variant( $($inner),* ) => ( $($inner),* ),
-            other => panic!("Expected {} but got {:?}", stringify!($variant), other),
+            other => panic!("Expected {}", stringify!($variant)),
         }
     );
     ($variable:expr, $variant:path { $($inner:ident),* }) => (
         match $variable {
             $variant { $($inner,)* .. } => ( $($inner),* ),
-            other => panic!("Expected {} but got {:?}", stringify!($variant), other),
+            other => panic!("Expected {}", stringify!($variant)),
         }
     );
 }